Privacy Law
Feature

Let’s Talk About Privacy: Privacy Law Takes Center Stage Globally and at Santa Clara Law

By Susan Vogel

In this unprecedented moment in history, when we are all spending more time than ever on some kind of device, consumer privacy has surged to the forefront of public concern. Silicon Valley innovators continue to develop amazing new services that make our lives better, but many are worried about the ways in which technology takes and trades our private data, how that data can harm people’s lives (including their ability to get jobs, credit, and housing), and how those issues erode trust in our public institutions.

Santa Clara Law is uniquely positioned to take on these crucial public issues, thanks to its location in the center of the U.S. technology birthplace and hub, its technology expertise, and its solid commitment to ethics and social justice. Grants and gifts it has recently received will help it do even more to benefit students, the legal field, and the public.

Three current and former University trustees have donated $250,000 each to expand the Privacy Law Initiative, including increasing the interdisciplinary study of privacy law, and to foster ethical leadership in the area of technology and privacy. The three donors were:

  • Larry Sonsini, founder and senior partner of the famed Silicon Valley law firm Wilson Sonsini, and vice chair of Santa Clara University Board of Trustees
  • Paul Gentzkow, president and chief executive officer, staffing services of Robert Half International and former chair of Santa Clara University Board of Trustees, and his wife Barbara Gentzkow
  • Kapil K. Nanda, founder, chair, and CEO of customer-engagement technology company Infogain, and SCU trustee, and his wife Margaret Nanda

These trustee gifts helped support the hiring of the first Managing Director position for the Privacy Law Initiative, which was recently filled by Joy Baker Peacock, who was Managing Director of the High Tech Law Institute (HTLI) from 2011-2015. “The Trustees’ generous gifts give us a lot of flexibility in developing new programming and the opportunity to do things that other schools are not doing,” says Santa Clara Law Professor Eric Goldman, who also serves as a co-director of the High Tech Law Institute and supervisor of the Privacy Law Certificate.

Several courts have awarded Cy Pres funds to Santa Clara Law to educate the public on their privacy rights. And earlier this year, the Knight Foundation awarded $150,000 to Goldman to support his research on the ways in which technology transforms our democracy.

“Our society continues to wrestle with big questions about the implications of technology, and we remain dedicated to training the next generation of lawyers and leaders to answer those questions with competence, conscience, and compassion,” says Prof. Goldman.

PRIVACY LAW AT SANTA CLARA: HISTORY AND RANKING

Privacy law has been part of Santa Clara Law’s curriculum since the protest era of the 1970s, when Professor Dorothy Glancy began teaching one of the first privacy law courses in the U.S. Many students independently found their way into a privacy career over the years, but the school created a formal pathway to help privacy-focused students with the launch of its Privacy Law Certificate in 2014. It was the first such certificate in the nation.

Today, to obtain the certificate, students must pass courses in Privacy Law, Comparative Privacy Law, and three electives from Santa Clara Law’s privacy-related curriculum. On top of that, they are required to complete an externship, clinic, or paid job focusing on privacy issues; publish a paper on privacy topics; and obtain an exam-based certification from the International Association of Privacy Professionals (IAPP).

Santa Clara Law’s comprehensive Privacy Law program has earned it “Tier 1” status with the IAPP. The IAPP created this tiered system last year to “to identify and pave pathways into the privacy workforce” as “demand for qualified privacy professionals surg[es]….” Tier 1 law schools are ABA-accredited law schools that “offer a certification or formal concentration in privacy law (or close equivalent) that results in students receiving formal recognition of their chosen specialization. Formal recognition requires a notation on students’ final transcripts.” Out of the 216 U.S. law schools, 109 had some kind of privacy offering, and only 11 of these, including Santa Clara Law, made Tier 1 status.

More than 35 students have earned Santa Clara Law’s Privacy Law Certificate; dozens of students have obtained the IAPP’s Certified Information Privacy Professional certification, and approximately 50 students are members of the Law School’s Privacy Law Student Organization.

The privacy dialogue taking place at Santa Clara Law extends far beyond campus through scholarly articles written by law faculty and privacy law students and published in law reviews and journals, blog posts, events, and webinars that are available to the public.

LET’S TALK PRIVACY & TECHNOLOGY WEBINAR SERIES

Earlier this year, Santa Clara Law created an opportunity for in-depth and candid discussions about privacy and technology through its new “Let’s Talk Privacy & Technology” series of public webinars curated by Lourdes M. Turrecha, Santa Clara Law’s Privacy Tech and Law Fellow and an adjunct professor. In her fellowship, Turrecha is researching and writing on the rise of privacy technologies, data ownership, privacy engineering, data ethics, and consumer empowerment over their personal data.

She is also a privacy tech evangelist. “We reached a tipping point with the Edward Snowden revelation, mass surveillance, data breaches, the Cambridge Analytica scandal, and election meddling,” Turrecha says. “Before the pandemic and recent national protests over systemic racism, privacy was second only to global warming in people’s view of big problems.”

Consumers are questioning the privacy actions of both big technology companies and the government. Even with the COVID-19 pandemic, “the most dire public health crisis in a century, 70 percent of people in the U.S. refuse to use contact tracing apps due to privacy concerns,” she says.

Turrecha joined the Privacy Law program in summer 2020, coming from a robust privacy background that includes 10 years in privacy law and cybersecurity working in-house for leading Silicon Valley cybersecurity firms, in Big Law, and most recently as a privacy and technology entrepreneur and startup advisor.

Just weeks after her arrival to Santa Clara Law, Turrecha launched the Let’s Talk Privacy & Technology series, which is designed to educate the Santa Clara Law community as well as the public on issues where privacy and technology intersect.

This intersection of privacy and technology is more like a “spaghetti bowl” freeway interchange than a 4-way stop. It gathers professionals from many areas: privacy law, cybersecurity, corporate structures, government regulation, international law, human rights, compliance, consumer protection, and software development and engineering.

Turrecha and her guests discuss big ideas that often clash with the status quo, such as:

  • Advocating for the ban of facial recognition, which cities like San Francisco and Portland have adopted
  • Being thoughtful when using smart devices
  • Asking about the ethical implications of new technologies
  • Considering the moral issue of using people’s personal data against their wellbeing
  • Exploring how tech’s “insatiable desire for data has depleted our attention span and eroded our public institutions” (Episode 4, Woodrow Hartzog, Professor of Law & Computer Sciences, Northeastern University, The Battle to Control the Design of New Technologies, July 17)
  • Building version 2.0 when it comes to the Internet and privacy-invasive tools

“The world of technology,” says Turrecha, “has historically been built with privacy as an afterthought.” Turrecha calls privacy a “fundamental human right,” and regularly refers to a “privacy debt” that companies owe for failing to build privacy into their products and business operations. Turrecha has also referenced Davi Ottenheimer’s criticism that up to now, society has “repaid the biggest privacy abusers.”

But things are changing. No longer is the public accepting the infamous 1999 pronouncement of Scott McNealy, CEO of Sun Microsystems: You have zero privacy anyway…Get over it.” The public is demanding data privacy, and companies that are paying their privacy debts are gaining a competitive edge, explains Turrecha.

Turrecha says she typically receives thought-provoking questions from audience members during the live episode recordings, with several attendees continuing the engagement afterwards.

For the larger audience that her webinars reach, including nonlawyers who are interested in privacy tech, Turrecha is launching a blog that will address similar big-picture issues.

Goldman says these are “important conversations that we need to have” adding that “Lourdes’s work is raising the bar on multi-disciplinary privacy dialogue and helping to bridge the gap between lawyers and technologists.”

Interim Dean Anna Han described the Privacy Tech and Law Fellow’s role as using his/her “passion, drive, experience, and energy” to “inspire our students and help shine the spotlight on important issues.” Turrecha is doing just that with this popular webinar series that is reaching a broad audience, featuring stellar guests, discussing open and uncensored content, and exploring a breadth of timely and critical issues.

NEW COURSE ON PRIVACY AND TECHNOLOGY

Turrecha is also developing a new “practical and experiential” course on privacy and technology for Spring 2021, which will continue to expand Santa Clara Law’s extensive privacy law curriculum.

“Not many US law schools have privacy law programs,” she says, and “of those that do, few have courses that go beyond theoretical and introductory privacy concepts. This course does, and it requires students to apply the concepts they’ve learned, while helping them build the practical skills needed to practice privacy in the technology space.”

These skills include “conducting a privacy impact assessment on a product, writing up product privacy data sheets, and gathering information on what data a product is collecting,” explains Turrecha. “Students will engage with startups and their products, identify and provide recommendations to address a tool’s privacy pitfalls; cultivate the fact-finding skills needed to assess the product’s privacy risks; and perform a privacy impact assessment of the product,” she says. Essentially, the course will “prepare students to be leading privacy professionals in the technology sector,” she adds.

Goldman says the course will be “an important innovation for our curriculum and extremely differentiated from our peers’ offerings.”

More info:

CROSS-DISCIPLINARY COURSEWORK

One of the challenges raised throughout the Let’s Talk Privacy & Technology series is that lawyers, engineers and business people often are not able to communicate with each other effectively. A Let’s Talk Privacy & Technology guest said candidly that she can point out privacy problems, but can only provide engineers with limited technical solutions.

Santa Clara Law is bridging these communication gaps through a unique class: How Engineers, Businesspeople, and Lawyers Communicate With Each Other, offered to Santa Clara University graduate students in law, business, and engineering.

Technologist, cybersecurity, and privacy expert Jeff Klaben MBA ‘09, who teaches the class along with Jennifer Stefanski, product counsel at Survey Monkey, says he was thinking about such a class when he applied to Santa Clara University’s MBA program in 2004. He had sampled nearly all areas of technology (starting in a technology public high school on Staten Island) as he worked in tech companies to put himself through a Management Information Technology program at Wright State University in Ohio. After graduation, when working for a defense contractor in Silicon Valley, he joined its security team “by accident,” he says. “That led to four years building security for organizations at a time when there were no classes on cybersecurity,” he says.

Shortly after earning his MBA, Klaben began teaching at Santa Clara in the areas of computer forensics and information security and became an advisor for the Markkula Center for Ethics. He connected with Eric Goldman, helped create this new cross-disciplinary class, and, in 2019, partnered with Stefanski to teach it.

Stefanski held Product Counsel roles with PayPal and eBay prior to joining SurveyMonkey. At PayPal, a privacy lawyer colleague connected her with Santa Clara Law and she learned about the class. Goldman suggested that she join forces with Klaben—a multidisciplinary match that sometimes mirrors the same communication challenges that they teach about in the course.

Stefanski says she was excited to be involved because “the class teaches students what I didn’t learn in law school—that a lawyer is an advisor to business, not the person in the room making all the decisions. We advise and counsel, and it’s our job to make sure the rest of the team understands the implications of the choices they are considering.”

The class brings together graduate students from law, engineering, and business schools, pairing up two from each program into groups of six. “On day one,” Klaben says, “they walk into the class and into a case simulation,” ideally a challenging technology issue invoking all their areas of study and lots of conflict. Klaben says he and Stefanski specifically choose scenarios that cannot be solved with black-and-white answers. “We want problems with a lot of gray areas,” he says. Together, the teams of students face a scenario they might encounter on a work team, such as being asked to monetize data gathered through the dark web. Though Twitterstorms among team members have erupted (such as when business students demanded an actionable response to the question “is it legal?” and law students instinctively responded “it depends!”), the team learns to work together and recognizes that they need each other’s expertise to succeed.

Some of the simulations involve trust exercises (including HUNDREDS of flying Ping Pong balls!), which Stefanski says are very important: “They go a long way in engaging the students and creating a team.”

These exercises are supplemented by outside speakers who, through hypotheticals involving, for example, social media, get students from the different disciplines to engage. “It’s really great watching it click,” says Stefanski. “Especially when students start asking questions outside their disciplines, like an engineer asking about the GDPR, rather than assuming that a lawyer will deal with it.” That, she says, is when she knows the class is preparing students for real life situations.

The students’ differing training and personalities are apparent from the start. The law students are often worried to make a move, Klaben says, while “the MBA students want to push things forward, and the engineering students apply structured thinking and problem solving.

For Stefanski, one of the most exciting things is when students challenge these roles. “In a recent debate, we had an MBA student saying the business was too risky and the lawyer urging it to go forward. It’s wonderful when we assume students will think a certain way because of their disciplines, and then they challenge us.”

The simulations include a good deal of reflection, a product of Klaben’s engagement with the Markkula Center. “These conversations are important,” he says, adding that they want students to experience “the timeline of decision making and the timeline of ethical decision making.”

Klaben and Stefanski make sure that students, 80 percent of whom are already in the workforce, learn the skills that they need. It’s very personalized in terms of addressing the students’ own strengths and personalities, and developing their communication skills based on their styles. “They are desperate to communicate effectively,” Klaben says.

Klaben sees students who excel in privacy and security (which he notes “ultimately support the same goals”) as having two common traits: curiosity and creativity. Stefanski says those two traits are key to success in privacy areas because much of privacy involves creativity in communicating (her undergrad area was communications) and curiosity is what fuels cross-disciplinary interest. Klaben adds that “only about 10 percent of technology students have this mindset.”

JOY BAKER PEACOCK RETURNS TO SANTA CLARA LAW

On August 23, the Law School announced the hiring of Joy Baker Peacock as the first Managing Director of the Privacy Law Program and interim managing director of the High Tech Law Institute.

If Peacock’s name sounds familiar, it’s because she was Managing Director of the HTLI from 2011 to 2015, playing key roles in the development of the Entrepreneurs’ Law Clinic (2013), the Privacy Law Certificate (2014), a three-year JD/LLM program, the Engineer to Patent Attorney Program, and the In-House Counsel Institute (2016).

During her four years with the HTLI, Peacock led its external relations, marketing, and fundraising, drawing on her decade of work in Silicon Valley law, tech, and nonprofit communities.

Peacock left the HTLI in 2015 to become Outreach Officer at the Silicon Valley office of the U.S. Patent and Trademark Office. There, she developed and implemented the office’s first strategic regional outreach plan. The following year she joined Bank of New York Mellon Corporation in Palo Alto as Engagement Director of its Silicon Valley Innovation Center.

She says, “Having spent the last 4 years in innovation, including machine learning and artificial intelligence, I better understand the business side of privacy and technology, including how big companies are using data, how bad and expensive data hygiene can be, and how people will take shortcuts unless forced not to.”

Goldman says that Peacock’s prior experience at the HTLI and extensive relationships with high tech companies in and beyond Silicon Valley make her uniquely qualified to quickly transition into the position in this crucial and challenging time. “Joy knows exactly what to do and how to make a difference in the Law School,” he says. “She will add extraordinary value to our programs due to her deep knowledge of the tech community.”

One of the things she will be exploring is the possibility of establishing online offerings and non-JD or LLM programs.

Peacock is thrilled to be back at Santa Clara Law and HTLI. “These are hard times, in which privacy is of increasing importance. It’s unbelievable how much data is being collected. Contact tracing, use of mobile phones in protests, the government tracking you – there are more and more issues about using data that can impinge on our liberties. Privacy used to be something my Eastern European friends were mostly concerned about, but now it’s becoming a nonpartisan issue here in the U.S.”

“I also see Santa Clara Law staying true to its values and ethics,” she adds. “The privacy law program will benefit society as a whole, and I wanted to be involved in it.”

GRADUATES WITH THE PRIVACY CERTIFICATE ARE IN HIGH DEMAND

Right now, says Goldman, “we are seeing an insatiable demand for privacy lawyers,” and that includes students who were not in the top half of the class grade-wise. “The Privacy Law Certificate,” Goldman says, “levels the grading curve; it helps talented students without top grades to remain competitive for their dream jobs.”

Employers love hiring students with a technology background, but even more important is that students are genuinely passionate about a career in privacy. “By completing the Privacy Law Certificate’s rigorous requirements, students prove their dedication to and enthusiasm about privacy law to employers,” said Goldman.

Demonstrating the soaring demand for privacy lawyers, by 2018, every one of the 10 Privacy Certificate grads from May 2018 were employed full-time within four months of graduation.

Perhaps surprisingly, of the 21 students earning the Privacy Law Certificate in 2014-18, 13 landed in-house jobs as their first jobs out of law school, challenging the common assumption that students have to work at a law firm before they can get hired in-house. This happens often, says Goldman, “when students placed in externships or internships at companies have proven their value to their employers. Our students working part-time during law school become too valuable for their employers to let them go.” A number of other students took JD-Advantage jobs upon graduation, where they deploy their legal knowledge and other skills without acting as a lawyer.

AN OPPORTUNITY TO SHAPE THE FUTURE OF PRIVACY

Santa Clara Law boldly and confidently tackles the toughest issues in technology and privacy today by bringing together its extensive expertise in law, engineering, business, ethics, and social justice. Collectively, with the support of donors and the University, Santa Clara Law is positioned to continue to make a difference for its students, the academic community, the high tech industry, and the public.

Susan Vogel is an attorney and frequent contributor to this magazine.